86 matches found
OpenIPMI 安全漏洞
OpenIPMI is an open source project from OpenIPMI Open Source. Designed to create a fully functional IPMI system that allows full access rights to all IPMI information on a server. A security vulnerability exists in OpenIPMI that stems from a lack of authorization type checking on incoming LAN...
cn.acyou:leo-framework-barcode (=1.6.0.RELEASE), cn.acyou:leo-framework-commons (=1.6.0.RELEASE) +185 more potentially affected by CVE-2024-42681 via com.xuxueli:xxl-job-core (>=1.8.2 <=2.4.1)
com.xuxueli:xxl-job-core MAVEN version =1.8.2, =1.0.7, =1.0.6, =1.2.3, =1.0.0-RELEASE, =0.0.8-RELEASE, =0.0.8-RELEASE, =1.0.0, =1.6.0, =1.6.154 and more Source cves: CVE-2024-42681 Source advisory: OSV:GHSA-CPFP-M5QW-C4R3...
About the security content of macOS Ventura 13.6.8
About the security content of macOS Ventura 13.6.8 This document describes the security content of macOS Ventura 13.6.8. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
CVE-2024-36418 SuiteCRM authenticated RCE using connectors
SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue...
AJ-Report SQL Injection Vulnerability (CNVD-2024-27556)
AJ-Report is anji-plus open source a completely open source , drag and drop editing visual design tools. AJ-Report 1.4.1 and earlier versions of SQL injection vulnerability , there is no detailed vulnerability details provided...
actix-session-surrealdb (>=0.1.0 <=0.1.5) potentially affected by unknown CVE via surrealdb (=1.0.0-beta.9)
surrealdb CARGO version =1.0.0-beta.9 is affected by a known vulnerability. The following packages have a transitive dependency on surrealdb and may be impacted: - actix-session-surrealdb =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-6R8P-HPG7-825G...
China's MIIT Introduces Color-Coded Action Plan for Data Security Incidents
China's Ministry of Industry and Information Technology MIIT on Friday unveiled draft proposals detailing its plans to tackle data security events in the country using a color-coded system. The effort is designed to "improve the comprehensive response capacity for data security incidents, to ensu...
org.wso2.identity.apps:org.wso2.identity.apps.authentication.portal.server.feature (>=0.1.125 <=1.6.179) potentially affected by CVE-2023-6837 via org.wso2.identity.apps:authentication-portal (>=0.1.125 <=1.6.179)
org.wso2.identity.apps:authentication-portal MAVEN version =0.1.125, =0.1.125, =1.6.179 Source cves: CVE-2023-6837 Source advisory: OSV:GHSA-F6JM-9PR8-9C3W...
nautobot-device-resources (=1.0.0) potentially affected by CVE-2023-50263 via nautobot (=2.0.0)
nautobot PYPI version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on nautobot and may be impacted: - nautobot-device-resources =1.0.0 Source cves: CVE-2023-50263 Source advisory: OSV:PYSEC-2023-286...
Magento Open Source allows Incorrect Authorization
Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the V1/customers/me endpoint to achieve...
GHSA-GFMM-WW6F-5MM5 Magento Open Source allows Improper Neutralization of Special Elements Used
Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of...
UBUNTU-CVE-2023-2977
A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardoshaveverifyrcpackage. The attacker can supply a smart card package with malformed ASN1 context. The cardoshaveverifyrcpackage function scans the ASN1 buffer for 2 tags, where remaining lengt...
CVE-2022-41741 NGINX ngx_http_mp4_module vulnerability CVE-2022-41741
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to corrupt NGINX worker memory, resulting in...
CVE-2022-2131
OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in XMLTextExtractor.java file without the required security flags, allowing an attacker to perform a XML external entity injection attack...
causalegm (>=0.2.1 <=0.2.5), chrombpnet (>=0.1.0 <=0.1.2) +3 more potentially affected by unknown CVE via tensorflow-gpu (=2.8.0)
tensorflow-gpu PYPI version =2.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - causalegm =0.2.1, =0.1.0, =0.0.6, =2.3.5, =2.4.1 - tlaunch =0.0.2 Source cves: unknown CVE Source advisory: OSV:GHSA-MW6J-HH29-H379...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1593 more potentially affected by CVE-2020-2163 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.22)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2020-2163 Source advisory: OSV:GHSA-2XCM-H7VV-G8M9...
com.base2services.jenkins:github-sqs-plugin (>=1.0 <=1.1), com.elasticbox.jenkins-ci.plugins:elasticbox (>=4.0.9 <=4.1.6) +23 more potentially affected by CVE-2018-1000184 via com.coravy.hudson.plugins.github:github (>=1.10 <=1.27.0)
com.coravy.hudson.plugins.github:github MAVEN version =1.10, =1.0, =4.0.9, =1.0-alpha-1, =1.0-alpha-1, =1.0-alpha-1, =1.0.0, =1.0.0, =1.0-alpha-8, =1.0-alpha-4, =0.1-preview-4, =1.0-alpha-1, =1.3.0, =1.0, =0.9.14, =1.36.0, =1.42.2 and more Source cves: CVE-2018-1000184 Source advisory:...
cn.home1:spring-cloud-eureka-server (>=0.0.1 <=1.0.1.U1), com.github.springcloud:moss-client-1.x (=1.0.1.RELEASE) +162 more potentially affected by CVE-2018-1000130 via org.jolokia:jolokia-core (>=1.3.7 <=1.4.0)
org.jolokia:jolokia-core MAVEN version =1.3.7, =0.0.1, =1.2.0, =1.5.4, =1.5.4, =1.5.4, =1.5.4, =1.5.4, =1.5.4, =1.5.4, =0.1.5, =0.1.5, =2.0-beta-1, =2.3.0, =2.7.1 and more Source cves: CVE-2018-1000130 Source advisory: OSV:GHSA-RHQJ-4PP8-VVGF...
CasaOS Command Injection Vulnerability
CasaOS is a simple, easy-to-use and elegant open source home cloud system. A command injection vulnerability exists in CasaOS versions prior to 0.2.7. The vulnerability stems from the failure of a networked system or product to properly filter special characters, commands, etc. from a user's inpu...
BossCMS V1.1 Arbitrary File Download Vulnerability in Background
BossCMS is a safe, stable, good, permanent free open source, independent research and development of PHP framework for enterprise building system. BossCMS background arbitrary file download vulnerability, attackers can use the vulnerability to download any file in the server...